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[57] ABSTRACT 

This invention relates to a universal authenticator for 
use with an ordinary telephone station over an ordinary 
telephone line. The authenticator, which is the size and 
shape of a credit card, receives a query number by being 
held against the receiver of the telephone station and 
receiving audio signals in a receiver. Using its own key, 
it transforms the received query number into an individ- 
ualized response number which it transmits via its 
speaker when the authenticator is held against the mi- 
crophone of the telephone station. 

10 Claims, 5 Drawing Sheets 
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UNIVERSAL AUTHENTICATION DEVICE FOR 
USE OVER TELEPHONE LINES 

This application is a continuation of application Ser. 5 
No. 07/863,901, filed on Apr. 6, 1992, now abandoned. 

TECHNICAL FIELD 

This, invention relates to authentication arrangements 
for telecommunications systems users. 10 

PROBLEM 

Telephone calling card fraud and fraudulent use of 
corporate PBXs currently costs consumers over a bil- 
lion dollars a year. In a typical arrangement, callers to 15 
the PBX use an 800 number to get access to the PBX. 
Their authenticity is verified by asking them to dial a 
multi-digit digit access code, which, if authentic, gives 
these people access via the PBX to a second dial tone. 
The caller can then place any outgoing call not denied 20 
to normal users within the PBX. Clearly, anyone who 
can obtain the 800 number and the access code can then 
place calls that are charged to the PBX. More gener- 
ally, the present calling card arrangements are also 
subject to extensive fraud through the use of stolen 
cards or through the interception by audio taps or visual 
observation of a calling card number. 

Computer "hackers" are particularly active in using 
their computers to access corporate PBXes and deter- ^ 
mine valid access codes by trial and error. They then 
sell these codes along with the PBX telephone numbers 
to "resellers" who resell these to numerous fraudulent 
users. This vastly magnifies the scope of the fraud. 
More generally, a problem exists that there is no inex- 35 
pensive, convenient arrangement for permitting users of 
ordinary telephone lines to have their identity authenti- 
cated so that they will not be falsely billed for telephone 
or other services. 

SOLUTION 40 

The above problem is solved and an advance is made 
over the prior art by using a universal authentication 
(UA) device in accordance with the principles of the 
invention, that can be used over any phone line to au- 45 
thenticate the use of calling cards, private corporate 
PBXs etc; the authentication device provides unique 
signals that authenticate its user. The authentication 
device is used in lieu of a calling card and is equipped 
with hardware to allow a query-response type of au- 50 
thentication scheme to be used or to provide the data of 
a query and the response to that data. In any case, the 
authentication message (response) sent by the device 
will be different for successive authentication requests. 
It includes an audio interface (tone generation and re- 55 
ception) which allows the device to communicate di- 
rectly with the telephone using tone signals and frees 
the user from manual keying in of codes. 

Advantageously, the UA does not require a special 
telephone station (such as mobile phone, smart card 60 
station eta). The device can also be used for authentica- 
tion of uses of various other services (banking etc.) over 
telephone lines, as well as to help authenticate remote 
logins to computer systems. The added cost of provid- 
ing such a device is quite small (a one-time cost of a few 65 
dollars per authorized user). As far as the user is con- 
cerned, using this device is no more complicated than 
using an Automatic Teller Machine. 



DESCRIPTION 

The card-sized device is equipped with computa- 
tional hardware to implement a function mapping 
queries into responses, a keypad to enter input, an LCD 
display and an audio interface which can receive input 
and provide output in the form of tones transmittable 
via a telephone handset over a customer line to a 
switching system. The object of implementing a func- 
tion mapping queries (a first number) into responses 
(part of a second number) is to create time varying 
responses, based on time varying queries, so that an 
interception of one query-response couple will not be 
useful at a later time. It also has the magnetic bar infor- 
mation currently on calling cards so that it can also be 
used at the special stations already provided for calling 
cards as well as from any other phone. Two different 
devices provided to two different users picked at ran- 
dom, will almost certainly use different functions to 
generate responses. It should be noted that the device is 
significantly different from the AT&T SMART CARD 
(§) and other smart cards which can only be used from 
special stations. (This is discussed in detail later). Time 
varying authentication messages may be produced by 
three different methods. The first method is to use a 
challenge-response scheme — that is, to let the system at 
the far end provide a random number to the authentica- 
tion device, which then computes an appropriate re- 
sponse and transmits it back to the system. The other 
method is to use the Time of Day as input to a function, 
and transmit the output of the function as well as the 
Time of Day used, to the system at the far end. The 
third method is to use a monotonically increasing or 
decreasing function, such as a count which is incre- 
mented with each use. The first method is described in 
detail in the following paragraphs. The second and 
third methods are briefly described later. 

USING THE DEVICE 

A procedure for using this device for corporate PBX 
authentication is as follows. Each legitimate user is 
assigned a Personal Identification Number (PIN) which 
is also associated with the particular device provided to 
him or her. Before seeking authentication the user en- 
ters his/her PIN into the device which we call the 
Universal Authenticator (UA). If the PIN is correct, the 
UA is activated and can be used. Next, the user dials a 
phone number (printed on the UA if desirable) to seek 
authentication (as done currently with corporate 
PBXs). A voiced response directs the user to place the 
activated UA close to the earpiece of the calling tele- 
phone station and enable it to receive incoming tones 
from the earpiece. The authentication system then sends 
a set of tones representing a random number which is 
received by the audio interface of the UA. This is the 
query number. The UA then produces an output num- 
ber as an appropriate response to the query number and 
flashes a message to the user to place the UA on the 
mouthpiece and hit the key to start transmission. The 
UA sends the set of tones representing the output that it 
has produced. The system matches the response against 
an output that it generates internally, and authenticates 
the request if there is a match. The overall scenario of 
operation is shown in FIG. 1. 

The user has the option, the only option available in 
some presently available authentication devices, of 
manually keying in the number to the UA and dialing 
the response back to the system manually. In this case a 
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voiced response from the system provides the user with played in the LCD. The content of the output shift 
a random number to enter into the UA. Once this is register is provided to the tone generator when the user 
keyed into the UA by the user, the UA produces a enables it (by clicking the key in the edge notch a sec- 
corresponding output number on its display. This is ond time) and the tone generator converts the output to 
entered by the user (using a telephone dual tone multi- 5 tones which are transmitted by the transmitter, 
frequency (DTMF) keyboard if provided or using voice FIG. 1 is a block diagram of the scenario for authenti- 
if a speech-recognizing system is supported) to seek cation. The user enters a PIN into a universal authenti- 
authentication. Alternatively, and preferably, the user cator (action block 101 ). This primes the universal 
may request the UA to transmit the tones representing authenticator for later use. The user then calls a tele- 
the output number. 10 phone number for the authentication service and holds 
A high level state diagram of the device is shown in the UA against the earpiece of the telephone instrument 
FIG. 2. Initially, following the entry of the PIN, the to receive an input number, generally a random number 
device is in the Ready state. While in the Ready state, generated by the authentication system. The call is set 
clicking a special receive/transmit key (in an edge up (arrow 105) to the authentication system and the 
notch — shown in FIG. 3) puts the device in the Receive 15 authentication system which is generally either a 
state. In the Receive state the device can receive either switching system (switch) or a PBX provides a random 
audio or keyed input On completion of reception of an number to the UA by means of tone signals. These tone 
input of 8 digits, the device goes to the Compute state signals are transmitted to the UA (arrow 109) and are 
where the response is computed. On completion of received via the earpiece of the handset of the telephone 
computation, the device enters the Ready to Transmit 20 instrument. The UA then calculates the response and 
state and flashes a light emitting diode (LED) to indi- transmits a response via the mouthpiece of the sub- 
cate completion of computation. While in the Ready to scriber handset This response is transmitted to the au- 
Transmit state, another click of the receive/transmit thentication system (arrow 113) which matches the UA 
key transmits the audio output corresponding to the response against an internally generated number and 
computed response and the device returns to the Ready 25 grants the request if the response is valid (action block 
state. The device may also be reset to the Ready state 115). The authentication system then transmits back to 
from any other state by using a reset bar (shown in FIG. the user a grant or denial of the authentication (arrow 
3). 117) after which the user can make a telephone call or 

APPEARANCE AMD INTERNALS „ ^^Tlt^H^^^ 

FIG. 3 shows the external appearance of the UA. The also possible to use keyboard entry into the UA instead 

external appearance of the device is similar to a smart of listening to tones and to inform the user of the ran- 

card except that it has an audio interface to allow it to dom number through a voiced response from the au- 

communicate using an ordinary telephone station. The thentication system. Similarly, it is also possible for the 

keypad allows entry of the PIN or manual entry of the 35 user to transmit a response to the authentication system 

input random number (if the user so chooses). The LCD by keying in the response using a dual tone multifre- 

displays the number entered. After computation of the quency (DTMF) keypad of the user's telephone instru- 

response, the response number is also displayed. The ment. Further, in an alternative configuration, the UA 

LED flashes to indicate that computation is complete. itself supplies the input number. With this configura- 

The key in the notch on the edge is for enabling the .40 tion, block 107 and arrow 109 are not used and the UA 

audio reception/transmission and is convenient when instead of receiving the input number generates the 

the user has to hold the UA flat against the earpiece or input number internally within block 103. The response 

mouthpiece. in this case must include the input number to permit the 

A magnetic bar code on the device allows it to be authentication system to authenticate the "response" 

used from a calling card reader station as well. In this 45 number from the same input number that was used by 

case, only the encoded identification is transmitted, so the UA. 

that authentication is much less secure. FIG. 2 is a state diagram of the UA. In the dormant 

The internals of the device are shown in FIG. 4. state 201, the user may supply a PIN input 203. This 

Entry from the keypad is done either when entering the places the UA in state 204 wherein it verifies whether 

PIN or if manual mode of entering the input number is 50 the PIN input is correct If not, the UA returns (arrow 

chosen. Depending on the operation, the entry from the 205) to the dormant state. If the PIN is correct (arrow 

keypad is gated to either a PIN entry register or a 207), the UA goes to the ready state (209) and the dis- 

MUX. The content of the PIN entry register is com- plays a ready signal. The user then makes the call to 

pared with the content of a stored PIN register and in request authentication and places the UA next to the 

case of a match, the compute/table lookup unit of the 55 earpiece of the telephone instrument handset and clicks 

microprocessor (for generating the response) is enabled the edge notch key of the UA (arrow 211). This places 

for subsequent operation. When the user enables the the UA in the receive state (213) ready to display input 

tone detection (by using the key in the notch) the re- number digits as they are received. The UA remains in 

ceived tones (from the receiver) are converted into bits the receive state until all input digits have been received 

which are sent to the MUX. The MUX allows the 60 so that a false edge notch key click while the UA is in 

choice of automatic mode (through the audio interface) the receive state (arrow 215) is simply ignored. When 

or manual mode (through the keypad) of input entry. the input digits have been received (arrow 217), the UA 

The entry selected by the MUX is entered into the input goes into the compute state (219) in order to compute 

shift register and subsequently provided to the com- the response number. Again, a premature edge notch 

pute/table lookup unit. On completion of response com- 65 key click (arrow 221 ) while the UA is in the compute 

putation, the response is provided to both the output state will have no effect After the UA has completed 

display register and the output shift register. The output computing the response (arrow 223) (this is signaled to 

display register allows the response output to be dis- the user by having the LED display flash) the UA goes 
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into the ready to transmit state (225). The user then register 435 which tones are delivered to speaker 439 

places the U A next to the mouthpiece of the telephone for transmission to the authentication system. The reset 

handset and presses the edge notch key click (arrow bar 309 sends reset signals 440 to compute mechanism 

227) in order to cause the response output to be trans- and state controller 413, and to output display and shift 

mitted over the telephone connection to the authentica- 5 register 433. 

tion system. This returns the UA to the ready state (209) na 5 is an overall block diagram of the operation of 

If for any reason a user wishes to return to the ready th e universal authenticator. The circled numbers repre- 

state at any time and start over, this can be accom- sent successive steps and have been placed on the dia- 

phshed by operating the reset key which will cause the ^ m to hel ^ reader follow ^ progress ofihe pro _ 

U ^ £J^rT s * te j*™™ 229 ' *J* 10 cess. Hie two main blocks in dashed hues are the uni- 

and 1235) The UA returns to the dormant £ate from the versal authent icator 301 and the authentication system 

ready state via either a timeout (arrow 237) or after a 501 which h ^ to be a switching system or / PBX , 

predetermined number of uses of the UA (arrow 239) The process starts when the user reqLsts an authentica- 

W ct£ C ^ co ? es . nr f t * tion (action block 503) (It is assumed that the UA is 

FIG. 3 is a physical diagram of the universal authenti- 15 , \ . . ' > , 7^ " 

cator 301. It includes analidio interface 303 comprising dy m * e ready ^ use J has P rev !" 

a microphone for receiving signals from a telephone ou ^ ^ered * ™rrect ™«) ^ request for authenti- 

connection and a speaker for transmitting signals to a catl0n 15 formed by dialing a number for a connec- 

telephone connection. The computing hardware 305 h ° n ^ authentication system 501. The completion of 

inside the UA is shown by a dashed line since it cannot 20 ™ e actlon * re P re s«*ed by arrow 505. The authentica- 

be seen from the outside of the UA. The UA also has a tion ****** S enerates ™ *-4i&t mput number (block 

keyboard 307 which has the 12 DTMF keys and a reset 507 ) which number * ^en transmitted by tones to the 

bar 309 for resetting the UA. Also shown are an LCD UA (arrow 509 )- The UA receives these tones by being 

display 311 of numbers received or generated by the ncld against the earpiece of the handset from which the 

UA and a key 313 in a notch on the edge of the UA. A 25 user requested the authentication (action block 511 ). 
magnetic code bar 315 is also attached to the outside of The input number is then transmitted from the tone 

the UA so that the UA can be read by conventional detector of the UA and is transmitted (arrow 513) to 

credit readers. storage 515 for storing the digits representing the input 

FIG. 4 is a block diagram of the internals of the UA. number. (In an alternative arrangement, the input num- 

Block 401 represents output circuits connected to the 30 ber can be keyed in by the user using keypad 307.) 

keypad of the UA and generate digital signals corre- These 8 digits are then passed (arrow 517) to the com- 

sponding to the numbers of the keypad. Gate 403 con- pute hardware 519 which generates 8 digits of output, 

trolled by mode signal 402 in this case gates the output These 8 digits of output are combined with an 8-digit 

from the keypad 307 digital signals to shift register 405. identification of the UA (in block 523) to form a 1 6-digit 

The output of this register is compared in microproces- 35 output consisting of the 8-digit output of the compute 

sor 407 which has been broken down conceptually into hardware and the 8-digit output of the sequence identifi- 

a program memory 410, a compute mechanism and state cation. These are stored in the 1 6 digits of block 525 and 

controller 413, a stored PIN register 409 which is a are transmitted (arrow 527) from the tone generator 423 

small amount of read-only memory preset at the time via the speaker 439 over the telephone connection to 

the UA is given to its user, a comparator 411 for com- 40 the authentication system 501. They are received and 

paring the output of shift register 405, and PIN register st0 red in a 16-digit response register 531 which takes 
409. Register 409 also stores the sequence identifier of the 8-digit UA sequence identifier selected in block 533 
the UA and the private key of the UA. The output of ^ transmits (arrow 535) these digits to the compute 

comparator 411 is used by compute mechanism and hardware . The compute hardware then uses the input 

state controller 413 to fetanuoe whether to place the 45 numbcr ^ ±c UA nce identifier tQ ute ^ 

UAmto theready state. LED 415 cormerfed to control- 8 ^ q{ compute d by compute hardware 519 

ler ^413 grves an .indication to the user. The user is then of the ^ ^ ^ k (arrow 

able, after dialing a connection to an authentication Cy4m . rt ^ + . - . *V v , 

center, to enable tihe detector by placing enable the tone f 4 ^ t0 £ ° U ter , ? he f re »f «?P«* 

detector/tone generator 423 to ^^detecThicormng signals 50 (™w^^ 

(detector enable 422) from microphone 421. The detec- m blo f S31 A */ ? a authenUcation is 

tor enable signal 422 comes from the state controller f 8 ?** Z * * .authentication is 

413 which receives input signals 442 from the edge demed * ^ ^ant/deny authentication signal 547 is 

notch key 313. The output of the tone detector is then transmitted back to the user and is used to allow the 

fed via multiplexer 427 into shift register 431 whose 55 swltchln g svstem or PBX *> accept or reject further 

output goes to the compute mechanism and state con- ^ s from ***** user * 

trailer 413 of microprocessor 407, which is controlled TABLE 1 

by a stored program 410. Compute mechanism 413 then Table i is a list of parts for the various elements of the ua. ~ 

generates the output, using the input random number, h ~ Quantity Part No 

the private key, and the sequence identifier. It transmits 60 — • 

the output, which includes the sequence identifier of the J^^^"^ \ ucml° 

UA plus the output corresponding to the input received Serial uTp^iel out 2 74ALS164 

from shift register 431, to output display register 433 shift Reg. (for pin entry 

which drives LCD display 311 and also to output shift Register & output shift Reg.) 

register 435 which is an input to the tone generator 65 ItoDd b Sai21 out 1 74ALS165 

portion of tone detector/tone generator 423. The tone ®j® £' s \ <foT Input 

generator is enabled by a signal 437 from state control- ModcI x 3 3/r 

ler and generates tones based on the output of shift width 2 i/r 
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TABLE 1 -continued mechanism within the switch/PBX for genera- 

tion of the matching response must also take into ac- 



Table 1 fa a list of parts for the various elements of the UA. ^ q{ ^ particular UA involved. Two 

£2 Quantity Part Nq different UAs will almost certainly use different func- 

(8 57 x 5.40 cm) 5 tions for the query-response match. The UA reveals its 

identity by embedding digits specifying its id number 
within its output response. The switch/PBX will, with 

SAFEGUARDS the help of this id, determine the appropriate function to 

It is well-known that the query-response method of ^ fo . r checking the response given by the UA. 

authentication is superior to a single password or code. 10 M Seated earlier the functions mapping queries to 

(See, for example, W. J. Caelli (ed.): Computer Security responses should be different for different UAs. This 

In The Age Of Information, pages 223-234, Elsevier may be achieved easily within the UA by having a table 

Science Publishers, B.V., IFIP, 1989.) In the query- mapping certain inputs to certain outputs. But, this has 

response mode the response (the output number) that is two sen0X3S drawbacks— first the set of inputs is limited 

provided by the user is good only for the specific query 15 somewhat compromising security ^ and secondly at 

(input number) presented by the system. An eavesdrop- s * stem , e ° d a very large amount of memory will be 

per can gain nothing by illegal monitoring of the £ **** U P st °™? of the many UAs. A solution 

sponse because the query presented by the system will i^^^ C1 ? ^ 13 * ™ a 

almost certainly be something different the next time on ^onthm for the mapping, but modify the 

and will require a completely different response. Typi- 20 ^^STS^^ T 

cally, a complex function (or a large table, or a combi- ^T^S^iT^ t * T ^TFT! 

nation of function and table) to map queries to responses ^ " * ^ 

-j , A . . ^ \? m T the key for that UA which can then be provided to the 

£S P^ ectl ° n ■* uart t0 breach ** algorithm so that it is suitably modified for the particu- 

* * f system. 25 laj UA ^ ^ calculflte ^ proper response for the 

The second safeguard is the w s of Je. HNi possibly ^ venm Within ^ UA ^ * somewnat 

4 digits), ^ensures that ^unless the PIN is known fce gnptar. Only a specific version of the algorithm has to 
UA is useless to a thief. Also, die user may preload the be implemeri ' ted . fa, ^ be whoIIy or ^ly teble . 
PIN m a sec uded place (away from public phone : booth ^ve*. FIG 5 ^ deUdl$ ^ * vcrall ^ heme 
for example). FmaUy, once the PIN is entered, the UA 30 mvolvin ^ UA ^ Qf ^ querwp0Me system on 
can only be used for a limited number of ^times (say 2 the switch or PBX (assuming the sizes of the initial 
and for a limited amount of time. The PIN must be number and the UA sequence id to be both 8 

reentered after that to continue using the UA This digits i ong) . (8 digits each for the query number and the 
ensures that even if a UA loaded with the valid PIN is nce id ^ ovide sufficient protection, and at the 

stolen, it can be used only a limited number of times. 35 ^ time ^ total res size to be keyed m b user 
Also, if a user loads a PIN and forgets to use the UA would be 16 6 ^ ^ ^ comparable to calijng card 
subsequently, an automatic internal timer will erase the codes currently being used (14 digits). 
PIN after some tune, making the UA useless for a thief. 

Of course, the user is expected to report loss of the UA COMPARISON WITH OTHER DEVICES AND 
immediately as with other credit cards, calling cards 40 SCHEMES 

et( L. „ . , . . , Query-response methods are sometimes used in high 

Finally, as with most authentication schemes, the security computer systems where the user is supposed 

authentication system will break the connection after a t0 remember the function used. These are usually fairly 

limited number of retries in case of errors. Thus if the ^m ? \ 0 functions. On the other hand, possibly the most 

system at the far end receives an incorrect response it 43 secure functions extensively investigated for use in au- 

will send a different input to allow the user to retry. thentication methods such as public-key cryptography 

After a limited number of retries the connection is bro- and digital signatures are the so-called trap door func- 

ken. Reestablishing the connection will of course be tions. (Rivest, R. L., Shamir A., and Adelman, L. A 

delayed by the normal delay in the phone network. Method for Obtaining Digital Signatures and Public- 

IMPLEMENTAHON 50 kcy Cryptosystems. Comm. ACM 21, 2 (February 1978) 

pp. 120-126.) (Merkle, R. C, and Hellman, M. E. Hid- 
The implementation consists of two parts; the unple- mg Information and Receipts in Trap Door Knapsacks, 
mentation of the query-response in software/hardware IEEE Transactions on Information Theory, 24, 5 (Sep- 
on the switch/PBX, and the implementation of the tember 1978) pp 525-530.) (Diffie, W., and Hellman, M. 
program on the UA to determine the output number 55 E. Privacy and Authentication-An Introduction to 
given an input number. The part to be implemented on Cryptography. Proc. of the IEEE, 67, 3, (March 1979) 
the switch, PBX or other telecommunications network pp 397-427.) (di Porto, A. A Public-key Cryptosystem 
element, consists of selection of the input random num- based on a Generalization of the Knapsack Problem, 
ber, a DTMF output and/or voiced response system to EUROCRYPT 85 Abstracts, Linz, Austria, April 
relay the number to the user, reception of the response 60 1985.) These of course are useful when part of the key 
or digits keyed in by user, and matching of these against must be made public. However in the arrangement 
the system's own internally generated response. The discussed here, since the keys (functions used) for each 
generation of response can be packaged in a chip to user can be kept private, and so a private key scheme is 
avoid any probing. Within the UA there has to be a sufficient; public key cryptography or digital signature 
similar mechanism for generation of response. This 65 schemes are not needed. Two well-publicized private- 
mechanism can be an implementation of a compute- key schemes are National Bureau of Standard's Data 
tional algorithm or a table lookup process or a combina- Encryption Standard (DBS) algorithm, (National Bu- 
tton of both. reau of Standards. Report of the Workshop on Cryp- 
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tography in support of Computer Security, 21-22 Sep- is also "burnt" into the ROM, although, alternatively, it 
tember 1976, NBSIR77-1291 (September 1977).) and could be loaded into RAM after the battery is installed, 
the Fast Data Encipherment Algorithm (FEAL). An added benefit of the Universal Authenticator 
(Shimuzu, A., and Miyaguchi, S. Fast Data Encryption device is that it can replace multiple service cards, call- 
Algorithm— FEAL. Abstracts of EUROCRYPT 87, 5 ing cards etc. carded by the typical user. It can be used 
Amsterdam, (April 1 987), pp VII- 1 1 .) But, calling card for authentication for many kinds of services. For exam- 
fraud prevention does not need ultra-secure functions pie, it can be used to improve security of computer 
that were developed in the context of cryptography but systems where remote logins are permitted. Legitimate 
merely needs functions complex enough to thwart the users can be equipped with an authentication device for 
run-of-the-mill criminal. Either the DES algorithm or a 10 &z purpose rather than being provided with passwords 
simpler algorithm based on the DES algorithm may be have to be changed from time to time. The UA 
used here. makes it easy to implement secure query response 
Authentication as well as encryption schemes also mechanisms using complex functions. On being dialed 
find use in cellular phone systems. These are used to tne system sends a query to which the user must send an 
identify the users uniquely, to keep the communication 15 appropriate response in order to be logged in. This 
secure, and to meet other special security-related needs would ^ a relatively inexpensive and convenient 
of mobile radio communication. With this in mind, some method to significantly improve the login security of 
cellular phone system standards (ETSI/TC GSM Stan- such svstems * Jt requires no special equipment at the 
dards, section GSM 3.20, (released by ETSI/PT 12) users end. 

(February 1990) pp 4-28.) mandate the use of complex 20 Dlff *rent codes for different services can be used to 

encryption/authentication schemes in communication. set the ^ A to a specific mode of operation for authenti- 

Appropriately equipped cellular phone stations adapted c ¥ tu « US€ of ^ e desired service The telephone 

for digital transmission are needed for such schemes to nu i nber to re f ^ ^ authentication for using the spe- 

work. On the other hand the need addressed here is that „ semce ^ t0 ^calkd and thequery-response 

of authentication only, from a regular phone, and this 25 ^T^a e ^ descnb ^ ™ e ^P^enta- 

„ aT% i m . „«; ■ i ^ ^ , 1„ 7 p - ^ tion of the UA as well as the overall scheme is feasible 

need can be met using a simple private key scheme. The ^ currently available technology, 

device (UA) proposed here to perform the authentica- ^ \T T . ? . , , , At 

* x. v * The authentication service can be provided by tele- 

tion, can be used over any phone line requires no spe- hone switches (such ^ AT&T>s ^ ^ 

cial stadon, can be implemented in z relatively mexpen- 3Q ^ \ e pBXs ^ ^ served ^ ^ a s ^ ltch 

sive ana convement to operate package, and is unique in which ^ act ^ 

a gatekeeper. Once a caller's request 

tnese respects. to access a pBX fe authenticated the caller will be 

The UA being proposed also differs from the various tfid access to ^ PBX b ^ gatekce pe r switch and 

lands of smart cards already available. Smart cards are the pBX ^ the caller > s requestSj so the PBX is 

typically used in financial service transactions but can 35 not tied up p er f 0 nning repeated authentication for users 

also be used in a ^umber of areas (^au^.^au- requesting access . Also, once the system end of the 

muUer-BicH I (Ed.) SMART CARD 200fc The Fu- au ^ e nticItion mechanism is available on the telephone 

ture of IC Caros North-Holland, 1989.] ► (McCrmoUe J network it ^ become easier to make the UA available 

Smart Cards, IFS 1^ (Sprmger-Verlag) 1990.) for a variety of purposcs . The telephone network owner 

(Bright, R. SMART CARDS: Pnnciples, Practice, 40 telephone company or long distance provider) 

Applications. Ellis Horwood Ltd. (John Wiley distrib.) ^ then provide authentication as an end to end ser- 

1988.) Smart cards are usually equipped with a micro- vice-providing both UAs and the authentication ser- 

processor and an adequate amount of memory and can ^ on the netW0 rk- The UA is not a competitor of the 

do a host of tasks such as authentication and recording smart card in this respect While smart cards are usually 

of transactions as well as recall of past transactions etc. 45 more computationally powerful and versatile than the 

However, smart cards (whether of the contact variety proposed UA, they are also more expensive and are 

or contactless variety) require a special reader station restricted by their need for special stations to operate 

for power and communication with the remote system f rom . The UA is limited in its scope (can be used for 

(banking etc.). Even the so-called "active cards" which authentication only), but can be used from any regular 

have sealed-in batteries require a reader station or at 50 voice phone, and is likely to be less expensive because 

least a data interface in order to communicate directly i ts hardware is dedicated rather than general-purpose. It 

with a remote system. The UA on the other hand can may make sense to introduce UAs instead of plastic 

operate over any ordinary voice phone primarily be- calling cards at this point. There is a definite need for 

cause of the embedded tone detector and tone generator such a device. At some later point when smart card 

equipment. 55 reader stations are more plentiful the UAs can be up- 

The UA is a sealed unit which will minimize damage graded to smart cards, 
due to moisture etc. The batteries are sealed in. A low 

power indicator informs the user that the battery is ALTERNATIVE IMPLEMENTATIONS 

about to die; the user then has the option of calling in for It is possible to have a somewhat more rugged and 

a replacement UA. Typically, the UA will be replaced 60 less expensive implementation by not using the standard 

every couple of years just like credit cards, calling cards tones used by DTMF, and instead encoding the audio 

etc. The battery power is adequate to last the antici- signals using frequency shift keying with just two fre- 

pated life-time of the UA. A customer provided PIN quencies in the audio range (a "high" frequency and a 

will be "bumf* into a ROM in the UA before it is pro- "low" . frequency). This is the scheme described, for 

vided to the customer. The UA identity and key or 65 example, in U.S. Patent 4,823,956, used for incoming 

other information necessary to control the generation of caller line identification. In that case the DTMF Tone 

the response message are also "burnt" into the ROM of detector/generator (SSI2OC90) will not be needed, 

the UA. In one preferred implementation, the program Also, instead of a carbon microphone it is possible to 
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use other techniques to pick up the incoming audio. A 
detector based on an inductor coil (similar to those used 
in hearing aids) can pick up the electrical signal directly 
from the phone line (near the earpiece) bypassing the 
need for a microphone. This will work well in noisy 5 
environments. Similarly, instead of an ordinary metal 
diaphragm speaker, a piezo-electric sound generator 
can be used to generate the outgoing audio. Such piezo- 
electric devices are physically more rugged than metal 
diaphragms and are also more compact They are also 10 
less expensive. Them is no need for high fidelity in the 
audio output because it is only necessary for the far end 
to determine whether the frequency is "high" or 'low". 
So piezo-electric sound generators which are typically 
limited to a few frequencies may be quite acceptable. * 5 

The authenticator device requires the user to execute 
two actions with the device in order to receive authenti- 
cation. The user has to first click the receive/transmit 
key and hold the device against the earpiece to receive 
the incoming audio signal, and then click the key again 20 
and hold the device against the mouthpiece to transmit 
the outgoing audio signal. A modification to the scheme 
can reduce the number of user actions needed and make 
the device easier to use. 

By adding a pseudo random signal generator (such as 
a Pseudo Noise sequence generator) and an internal 
clock, the device can be itself made to produce the input 
number. Then there is no need to receive incoming 
audio signals from the phone line. The user then, has to 3Q 
only hold the device against the mouthpiece and click 
the transmit key. The Time of Day available from the 
internal clock will be provided as the seed to the pseudo 
random signal generator, and the output of this genera- 
tor will be the input number to the authenticator device. 35 
The device will transmit both its internal Time of Day 
(year, month, day, hour and minute) along with the 
output number from the computation/table look-up 
function. 

The system at the far end receives the Time of Day ^ 
from the device and first verifies that it is close (within 
a threshold) to its own internal Time of Day. If the 
device's Time of Day is not within the threshold, the far 
end system (PBX or switch) will ask that the device's 
clock be synchronized with the far end system's clock 45 
before authentication is requested. The check for the 
consistency of Time of Day is to be done to prevent an 
eavesdropper from recording a pair — Time of Day and 
output number — and reusing the pair to gain fraudulent 
authentication. 50 

If the device's Time of Day is within the acceptable 
threshold the far end system uses the transmitted Time 
of Day to generate the input number for authentication, 
and subsequently the output number, and matches it 
against the output number received. In case of a match, 55 
authentication will be granted. 

Another alternative, somewhat less safe, is to store a 
count in the UA, and advance the count with each use. 
The authentication system also keeps track of the count. 
The UA transmits both the count and the transforma- 60 
tion of the count to the authentication system. The 
authentication system will then verify the transforma- 
tion but will only accept the authentication if the trans- 
mitted count exceeds the last authenticated count Ad- 
vantageously, this arrangement prevents someone who 65 
has intercepted a legitimate authentication from simply 
reusing it, but avoids the necessity for receiving a ran- 
dom number from the authentication system. 



The term "random" or "pseudo-random" as used 
herein means that the number is unpredictable, and not 
that it meets the tests of random numbers such as those 
found in a random number table. Unpredictability is the 
key attribute. 

The audio communication interface that has been 
described here can also be used in Smart Cards such as 
the AT&T SMART CARD (g) No special reader sta- 
tion is needed for this mode of communication and so 
the Smart Cards equipped with an audio interface can 
be used over ordinary phone lines. Transmission of 
information can be executed by holding the card against 
the mouthpiece and clicking the receive/transmit key. 
Likewise, information from the far end can be received 
by holding the card against the earpiece and clicking 
the receive/transmit key. To guard against errors in 
transmission, the audio signals may be encoded using 
error detection/correction codes. 

It is to be understood that the above description is 
only of one preferred embodiment of the invention. 
Numerous other arrangements may be devised by one 
skilled in the art without departing from the scope of 
the invention. The invention is thus limited only as 
defined in the accompanying claims. 

We claim: 

1. Authentication means comprising: 

means for automatically transmitting audio signals 
over a voice telephone line, said line connected via 
a telephone network to an authentication system, 
said means for transmitting arranged for transmit- 
ting by having a user of said authentication means 
hold said means for transmitting against a micro- 
phone of a telephone station while leaving a 
speaker of said telephone station available for said 
user of said authentication means to listen; 

means for generating a number, independent of any 
keyed personal identification number, coupled to 
said means for transmitting, wherein said number is 
derived from a time-varying quantity and a key 
unique for said authentication means, and said 
quantity globally and independently maintained 
internally in said authentication means and in said 
authentication system; said number for transmis- 
sion by said means for transmitting to said authenti- 
cation system for authenticating an identity of said 
user of said authentication means; and said number 
comprising data for identifying said authentication 
means and comprising no data based on any keyed 
personal identification data; 

means for storing a personal identification number; 

a keypad for entry of a personal identification num- 
ber; and 

means for enabling said authentication means in re- 
sponse to a match of the stored and entered per- 
sonal identification numbers. 

2. Authentication means comprising: 

means for automatically transmitting audio signals 
over a voice telephone line, said line connected via 
a telephone network to an authentication system, 
said means for transmitting arranged for transmit- 
ting by having a user of said authentication means 
hold said means for transmitting against a micro- 
phone of a telephone station while leaving a 
speaker of said telephone station available for said 
user of said authentication means to listen; 

means for generating a number, independent of any 
keyed personal identification number, coupled to 
said means for transmitting, wherein said number is 
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derived from a time-varying quantity and a key 
unique for said authentication means, and said 
quantity independently maintained internally in 
said authentication means and in said authentica- 
tion system; said number for transmission by said 5 
means for transmitting to said authentication sys- 
tem for authenticating an identity of said user of 
said authentication means; and said number com- 
prising data for identifying said authentication 
means and comprising no data based on any keyed 10 
personal identification data; 

means for storing a personal identification number; 

a keypad for entry of a personal identification num- 
ber; and 

means for enabling said authentication means in re- IS 
sponse to a match of the stored and entered per- 
sonal identification, numbers. 

3. The authentication means of claims 1 or 2 further 
comprising a control key, for operation by said user in 
response to prompting signals received on said speaker 20 
of said telephone station, for changing a state of said 
authentication means. 

4. The authentication means of claim 3 wherein said 
control key is used for initiating transmission of said 
number. 25 

5. The authentication means of claims 1 or 2 further 
comprising a key for disabling said authentication 
means. 

6. The authentication means of claims 1 or 2 further 
comprising timing means for disabling said authentica- 30 



tioh device after a lapse of a predetermined interval 
following enablement or use of said authentication 
means. 

7. The authentication means of claim 1 or 2 further 
comprising clock means for maintaining date and time; 

wherein said independently maintained quantity is 
date and time. 

8. Hie authentication means of claims 1 or 2 wherein 
said authentication means is essentially the size of a 
credit card and is without appendages. 

9. The authentication means of claims 1 or 2 further 
comprising: 

means for displaying said number; 

wherein, in noisy surroundings, said user is enabled to 

key said number into said telephone station, using a 

keypad of said station. 

10. The authentication means of claims 1 or 2 further 
comprising: 

means for storing additional personal identification 
numbers; and 

means for storing additional data corresponding to 
said additional personal identification numbers; 

wherein said means for enabling is also responsive to 
a match of one of said additional personal identifi- 
cation numbers for enabling said authentication 
means; and 

wherein said means for generating is further respon- 
sive to said additional data if said user keys one of 
said additional personal identification numbers. 
***** 
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